The increasing ability to access sensitive data remotely via networks increases risks of security breaches. In public open networks, such as the Internet, communication is susceptible to many types of security attacks, such as impersonation, session hijacking and virus attacks. In private internal networks, also known as intranets, organizations are susceptible to security breaches from inside the organizations as well as from the outside world.
Today, security solutions include tools such as firewalls which control access to a network by checking addresses of sources and targets in a communication session. However, firewalls do not deal with features such as user identity, access rights of a user, user and server authentication, data integrity, secure access to data and to specific applications, non-repudiation (i.e., inability to cancel a transaction after it is performed), session privacy and user accountability.
U.S. Pat. Nos. 5,282,249 and 5,481,609 to Cohen et al describe a system for controlling access to broadcast transmissions including a transmitter having a transmission encoder for scrambling the broadcast, a multiplicity of subscriber receivers, each having an identical receiving decoder, containing no cryptographic keys, for descrambling the broadcast and a plurality of selectable and portable executing apparatus each being operatively associatable with a receiving decoder at a partially different given time and each executing generally identical operations to generate a seed for use by the associated receiving decoder to enable the receiving decoder to descramble the broadcast.
U.S. Pat. No. 5,666,412 to Handelman et al describes a CATV system including a CATV network and apparatus for transmitting over the CATV network information to a multiplicity of subscriber units, each including a CATV decoder and an IC card reader and writer coupled to the CATV decoder, the IC card reader and writer including two separate card receptacles, such that IC cards inserted into the two separate IC card receptacles are separately accessed by the IC card reader and writer.
U.S. Pat. No. 5,774,546 to Handelman et al describes one IC card with two separate integrated circuits embodied within, wherein each of the separate integrated circuits is separately accessible by an IC card reader and writer.
U.S. Pat. No. 4,405,829 to Rivest et al describes the RSA public-key encryption and digital signature challenge-response scheme.
U.S. Pat. No. 4,748,668 to Shamir et al describes the Fiat-Shamir identification and authentication scheme.
U.S. Pat. No. 4,709,136 to Watanabe describes an IC card reader/writer apparatus which includes at least two contactors in which IC cards are inserted, respectively, card detecting means for detecting that at least two IC cards have been loaded, and collating means verifying that correct cipher codes of the two IC cards coincide with those inputted externally; respectively, wherein access to the contents stored in the IC cards is allowed only when the collation results in coincidence.
U.S. Pat. No. 4,594,663 to Nagata et al describes a credit transaction processing system which processes data related to a commodity entered into by using a card owned by a customer and a recording card owned by a store.
U.S. Pat. No. 5,010,571 to Katznelson describes a system for controlling and accounting for retrieval of data from a CD-ROM memory containing encrypted data files from which retrieval must be authorized.
The following references describe some aspects of related technology:
U.S. Pat. No. 4,159,417 to Rubincam;
U.S. Pat. No. 4,160,242 to Fowler et al;
U.S. Pat. No. 4,290,062 to Marti et al;
U.S. Pat. No. 4,350,070 to Bahu;
U.S. Pat. No. 4,589,659 to Yokoi et al;
U.S. Pat. No. 4,639,225 to Washizuka;
U.S. Pat. No. 4,680,459 to Drexler;
U.S. Pat. No. 4,740,912 to Whitaker;
U.S. Pat. No. 4,855,725 to Fernandez;
U.S. Pat. No. 4,917,292 to Drexler;
U.S. Pat. No. 4,937,821 to Boulton;
U.S. Pat. No. 4,985,697 to Boulton;
U.S. Pat. No. 5,113,178 to Yasuda et al;
U.S. Pat. No. 5,167,508 to McTaggart;
U.S. Pat. No. 5,239,665 to Tsuchiya;
U.S. Pat. No. 5,285,496 to Frank et al;
U.S. Pat. No. 5,339,091 to Yamazaki et al;
U.S. Pat. No. 5,371,493 to Sharpe et al;
U.S. Pat. No. 5,413,486 to Burrows et al,
U.S. Pat. No. 5,438,344 to Oliva;
U.S. Pat. No. 5,466,158 to Smith III,
U.S. Pat. No. 5,469,506 to Berson et al;
U.S. Pat. No. 5,484,292 to McTaggart;
U.S. Pat. No. 5,533,124 to Smith et al;
U.S. Pat. No. 5,534,888 to Lebby et al;
U.S. Pat. No. 5,555,446 to Jasinski;
U.S. Pat. No. 5,625,404 to Grady et al;
U.S. Pat. No. 5,630,103 to Smith et al;
U.S. Pat. No. 5,661,635 to Huffman et al;
U.S. Pat. No. 5,663,748 to Huffman et al;
U.S. Pat. No. 5,689,648 to Diaz et al;
U.S. Pat. No. 5,697,793 to Huffman et al;
European Patent Application 0 683 613 A2, assigned to AT&T Corporation; and
an article titled “Virtual Meetings with Desktop Conferencing”, by Amitava Dutta-Roy, in IEEE Spectrum, July 1998, pages 47-56.
Additionally, technologies related to the SSL (Secure Socket Layer) protocol, and the IPSEC (IP Security) protocol are described in a book titled “Internet and Intranet Security”, by R. Oppliger, published by Artech House 1998, in section 10.3 on pages 226-239 and in section 9.3 on pages 160-177 respectively.
The disclosures of all references mentioned above and throughout the present specification are hereby incorporated herein by reference.